
The Dos and Don'ts of IT GRC in the Cloud

By Marcos Colón

August 23, 2018

There’s no denying the benefits that migrating to the cloud can have on a business, and with the introduction of artificial intelligence and machine learning, more organizations are tapping into the perks tied to cloud technology. According to a recent study of IT professionals conducted by LogicMonitor, a Santa Barbara-based SaaS provider, 83 percent of enterprise workloads will be in the cloud by 2020. However, where there are benefits, there are also challenges.

The massive sets of data that businesses juggle nowadays require a calculated approach when it comes to security and privacy. For the IT auditor of today, maneuvering through these complex environments is critical to their role. The explosion of cloud usage in the last few years has created an elaborate landscape for IT auditors to examine from a compliance standpoint, says Mark Thomas, president of Escoute Consulting.

When it comes to working with cloud service providers, Thomas shared that one of the primary questions IT auditors should be asking is where the data will reside.

“If you think about this from an auditor’s perspective, when we have a relationship with a cloud provider, it starts way back when we started [creating] that contract,” Thomas told Internal Audit Insights during a recent interview shot at MISTI’s ITAC Conference in San Diego. “It’s a great practice to understand how you contracted with that organization.”

Data ownership and the timing tied to auditing a cloud provider are two other topics that IT auditors should be well-versed in, Thomas added.

In the full interview below, Thomas discusses the impact that cloud migration has had on the business, and shares the major dos and don'ts that IT auditors should know about GRC in the cloud.

As MISTI’s content marketing lead, Marcos spearheads the brand’s content marketing strategy, implementing a process to deliver high-quality insight to information security and internal audit professionals. Prior to working with MISTI, he served as the online editor for the award-winning SC Magazine, a prominent B2B IT security publication. He also served as a senior editor at NewsCred, a prominent content marketing agency, where he provided content strategy guidance for leading brands that include Discover, IBM, Visa and Bloomberg.
